1a1636b5c9f7d8026ef4c41c7f1af957a7746370e962c4599a216e2b93c99db3 | Triage

Sharing

General

Target

ab4ce4283b57b4f2ef0ceb3d733af766_JaffaCakes118
Size

2.8MB
Sample

240819-rak58a1erq
MD5

ab4ce4283b57b4f2ef0ceb3d733af766
SHA1

2690ebf503345a00c602fd44047af3d515444755
SHA256

1a1636b5c9f7d8026ef4c41c7f1af957a7746370e962c4599a216e2b93c99db3
SHA512

a4dda505f83fa1e441d21dcc523b85e4af438d3d9fa3b47f4909cf067b7efe0535d3ef46a3fe697d3f4567232ef554dcd0889582f707ac8928048d5ae953aa14
SSDEEP

49152:R9nF6xj1T/jb6wB7GCIIK8/8l9C3gNxnrApBpc4qM/bZ+YAuewvEZjwtKrIL2u11:R9Qd1T/XBKCIIK8/w0gDA5c43/t+Y5nL

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  ab4ce4283b57b4f2ef0ceb3d733af766_JaffaCakes118
- Size
  
  2.8MB
- MD5
  
  ab4ce4283b57b4f2ef0ceb3d733af766
- SHA1
  
  2690ebf503345a00c602fd44047af3d515444755
- SHA256
  
  1a1636b5c9f7d8026ef4c41c7f1af957a7746370e962c4599a216e2b93c99db3
- SHA512
  
  a4dda505f83fa1e441d21dcc523b85e4af438d3d9fa3b47f4909cf067b7efe0535d3ef46a3fe697d3f4567232ef554dcd0889582f707ac8928048d5ae953aa14
- SSDEEP
  
  49152:R9nF6xj1T/jb6wB7GCIIK8/8l9C3gNxnrApBpc4qM/bZ+YAuewvEZjwtKrIL2u11:R9Qd1T/XBKCIIK8/w0gDA5c43/t+Y5nL
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  12KB
- MD5
  
  1d5c649dde35003a618b9679d5d71b92
- SHA1
  
  0409bbab3ab34f8c01289cdd847b4d1a32d05b18
- SHA256
  
  0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
- SHA512
  
  b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
- SSDEEP
  
  384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  6KB
- MD5
  
  5aae8598d8b53bcec81d8e8c8a6732f9
- SHA1
  
  d071fcc74a107c7d7bc5a493d305b00976b07464
- SHA256
  
  be3f03c07be54354b8a9a30a8c0ac384f43c245c9b95ed1025549c76642f3fb4
- SHA512
  
  d20af152b9d1903cd9cd0ff584f14f95ee69cd7149c9ef9369257d08659d1a7ab5860055b39ebd0ead67cfc31da2571175623a5676116ce999acea2b7a643c1d
- SSDEEP
  
  96:VLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsBQhEfP0:VLjPk8OT30FFAmCP0
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  4eff5fafd746f5decb93a44e3a3d570c
- SHA1
  
  a11aa7681b7e2df1c7f7492a127d332d1495ea8a
- SHA256
  
  cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
- SHA512
  
  cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
- SSDEEP
  
  192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  SpyFalcon.exe
- Size
  
  1.7MB
- MD5
  
  efc3899410403e713bf3c78a27257a9b
- SHA1
  
  041f7d356243a91f5413c9fad2ce892c07664b7f
- SHA256
  
  ba8f2bd07232667d168f07c39d79f2ce2681dce65ff1e6df8a9b33477ca6cae2
- SHA512
  
  4e4aa36c70cec801cfb4996481fcfa24c7e021212d9e771fb4c655918d3a650d39217a20e7bdec74b7422136a4f74d42eab66152bcf69da17bbe36cbc45fa4ca
- SSDEEP
  
  24576:pZlJVQgy+nI9oQ0WaB63j/I/OfyptviekjjW7cqstIWET5TbqWg/Pf+:pJDs0Wk2fyptvieO4Yt2Thql/3+
Score

7^/10

discovery
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  msvcp71.dll
- Size
  
  488KB
- MD5
  
  561fa2abb31dfa8fab762145f81667c2
- SHA1
  
  c8ccb04eedac821a13fae314a2435192860c72b8
- SHA256
  
  df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b
- SHA512
  
  7d960aa8e3cce22d63a6723d7f00c195de7de83b877eca126e339e2d8cc9859e813e05c5c0a5671a75bb717243e9295fd13e5e17d8c6660eb59f5baee63a7c43
- SSDEEP
  
  12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  msvcr71.dll
- Size
  
  340KB
- MD5
  
  86f1895ae8c5e8b17d99ece768a70732
- SHA1
  
  d5502a1d00787d68f548ddeebbde1eca5e2b38ca
- SHA256
  
  8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
- SHA512
  
  3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
- SSDEEP
  
  6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  uninst.exe
- Size
  
  40KB
- MD5
  
  ad651966f1792c370887a6fe5c10e730
- SHA1
  
  9cdc8e57675b97b29fbb1496dbc325ca10a17562
- SHA256
  
  039d7061fdae17ad7f6ec882b3b7831f8baba1a8f179f4e023922fa0f4758e1b
- SHA512
  
  a7064640f660249fe5fa50768cf9f11e8ceb8b3ac27b49d68dfcb15e2e2c296596aa3221af382dde88fc45efc8504ca7fe94ac5f9211cb1181eb1aec2fedc3a1
- SSDEEP
  
  768:LMEFP4CyxRyQR4Dk1b+/JwwXVPYwitff/ff6FS6sekJhCEy8HSVm8sXwBtr:FPJc2WCMNv0kJe8HSVm8Gur
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  462dc0d8abebaa425c7808e696ad5a4d
- SHA1
  
  db041b23fa77e1658d6c113fa73f4692a9168979
- SHA256
  
  faf49e3e51562992570a1b468b18bd6c2c0f9fc2904e3136ca7aaf2a12ad9ac0
- SHA512
  
  d1b77873251fa438f8fbebcd94820ba18c236d7f2ac4be85ae503fe6cac90544f889ef4facbca6f8b09c99c7f610a2d0a8aaa88505fce6df1f9b7d8b5eba3f83
- SSDEEP
  
  48:SHHPtcWCeM7etAo1UurdGl4A0h2TpXHWFv+wewzpv1XP3GhaEJ0of2ynh1:q1cWxfzrrh2cFvWwFtSj
Score

3^/10

discovery
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18